wavetermdev
[Feature]: Option to bypass certificate authorization in Web widget for self-signed certs
Feature description
Please add option for builtin browser to be able to ignore errors about self-signed certificates, in order to load page properly.
Implementation Suggestion
No response
Anything else?
No response
Adding comments from discord: I looked into it a bit further, this would require us to add a callback in our main Electron process to intercept this error, prompt the user to determine if they want to proceed anyway, and then call a callback if they say yes (https://stackoverflow.com/questions/38986692/how-do-i-trust-a-self-signed-certificate-from-an-electron-app). Honestly, it feels pretty sketchy to me and it's not a small investment so I'm not sure when we'd deliver this. I'd need to do some more research to understand how this could impact the rest of our frontend integrity. The workaround for now is to click the "open in external browser" button in the header
It would be very useful if it's all in one bundled. For server administration is perfect.
Yeah I definitely think it's a good thing to implement, but I need to make sure it's not going to cause our frontend to become less secure. I don't love that it requires a global handler...
@sandikata what happens if you add the offending certificate to your keychain? Does that resolve the issue?
It depends on your OS, but you should be able to save the certificate as a trusted cert in your system’s keychain. This is the program your computer uses to validate certificates when authenticating to remote servers, such as a website.
https://tosbourn.com/getting-os-x-to-trust-self-signed-ssl-certificates/ https://superuser.com/questions/463081/adding-self-signed-certificate-to-trusted-root-certificate-store-using-command-l
Sorry, I'm not a linux expert and frankly that kind of advice is out of the scope of this project so I'd recommend googling it.
Lack of support for offered linux package is not what we'd expect to hear. :)
How it is out of scope of the project, if anyway Linux packages are provided?
it’s not lack of support, I am trying to offer you a temporary solution to your problem while we work on the longer-term fix we’ve discussed above. My suggestion is that you force your computer to trust the self-signed certificate, which should let our app load the site that it is currently blocking, however the way to do this is dependent on your operating system and is not within our control. I provided you with the way to do this on the platforms I am personally familiar with, but I am not a Linux expert. There are many resources online for how to trust self-signed certificates, I suggest you do some research.
Hope this does get implemented, would be cool to remotely access my proxmox via the lan IP without needing to import the key manually.
We don't currently have time to address this, maybe in February. I'm gonna mark this as a good first issue, I've mentioned above some thoughts on how this should be implemented.
1 year later bump, any insight on this? Kind of limits the reasons we want to use it for actually IT work. :)
1 year later bump, any insight on this? Kind of limits the reasons we want to use it for actually IT work. :)
I've given up on this. Even i forgot that i've opened a report. It seems that developers don't give a **** about bug reports :>